Tino Rangatiratanga Raraunga ki Aotearoa 2025

This report examines the current landscape of Māori data sovereignty and governance in New Zealand.

The research, conducted over 12 months, underscores the critical importance of Māori data sovereignty in the age of artificial intelligence (AI) to prevent bias and uphold Māori rights.

A key finding reveals a significant disparity between established Māori data governance frameworks and their practical implementation across various sectors, including government, local councils, universities, and even Māori groups themselves, with many hosting data overseas.

The report highlights the inconsistency in defining and managing Māori data and the under-resourcing of Māori data initiatives within many government entities.

Ultimately, it advocates for an all of government, consistent, standardised, and centralised approach to Māori Data Governance, grounded in Te Tiriti o Waitangi obligations and for other organisations, bespoke tikanga Māori solutions, to ensure Māori are active decision-makers in the digital future.

Download a pdf of State of the Nation Report 

 

Introduction

This report examines the current state of Māori data sovereignty and governance in New Zealand. Research was conducted over a 12-month period from September 2024 to the end of August 2025.

The document underscores the critical importance of Māori data sovereignty in the age of artificial intelligence (AI) to prevent bias and uphold Māori rights.

The research highlights a significant disparity between established Māori data governance frameworks and their practical implementation across various sectors, including government agencies, local councils, universities, and Māori groups themselves.

A key finding is the widespread inconsistency in defining and managing Māori data, coupled with under-resourcing of Māori data initiatives within many government entities.

Furthermore, the report reveals that many Māori groups, including prominent advocacy organisations, do not consistently adhere to Māori data sovereignty principles regarding data jurisdiction, often hosting data overseas.

Methodology

Government

The report focused on the 31 Government Departments, in addition, The Privacy Commissioner and the independent commission the Waitangi Tribunal were included using public documentation but were only considered for jurisdiction section.

A total of 43 New Zealand government organisations.

All 14 Statutory entities that fall within the Chief Data Stewards recommendations for government AI assurance frameworks were included.

Excluded were 3 Government Departments: Communications Security Bureau (GCSB) and the New Zealand Security Intelligence Service (SIS) who have their own New Zealand based data centre in New Zealand[i]. Also excluded was the Ministry for Pacific Peoples. 1 executive branch, the Police and 1 Departmental Agency (Independent Children’s Monitor), 1 Crown Entity and 2 Executive Branch: New Zealand Defence Force, Parliamentary Counsel Office.

Also excluded from the list are 12 agencies for a number of reasons including not likely to have Māori Data, national security and the very high likelihood requests would be withheld and being irrelevant. These organisations are:

1. Aroturuki Tamariki
2. Cancer Control Agency
3. Charter School Agency
4. Kainga Ora – Homes and Com munities
5. National Emergency Management Agency
6. Natural Hazards Commission
7. Office of the Clerk of the House of Representatives
8. Parliamentary Counsel Office
9. Parliamentary Service

The total make up of government includes:

33 Government Departments

3 Executive Branch

25 Statutory entities

5 Departmental agencies[ii].

2 Legislative Branch

 

OIA Questions

The following questions were asked of each government organisation via an Official Information Act Request.

1. How does your organisation define Māori data as opposed to non-Māori data?
2. Does your organisation have Māori Data Sovereignty and or a Māori Data Governance policy or strategy? If yes, I request a copy.
3. I also request a copy of your organisation Data Governance strategy/policy/policies?
4. Has your organisation had with any success or no/limited success, implementation of any Māori Data Sovereignty Principles or Māori Data Governance? If yes, please provide details of the implementation and how you measured its success.
5. How many .fte are allocated to Māori Data practices in your organisation?
6. What country/countries are the majority of your organisation’s data stored?
7. Which Cloud Provider(s) do you use?

Māori Jurisdictional Considerations

Using publicly accessible IP and DNS tools, information such as IP numbers, jurisdiction, and MX records was used for this research and cross referenced with private tools.

All groups were identified and used to represent a statistically collective majority and cross section of Māori rights organisations in New Zealand.

Contact information forms were not formally considered in this research due to a number of technical and tikanga complexities that will be included in future research.

These findings were accurate on the day of November 26, 2024, and may have changed since the test as is the nature of web sites and emails.

Iwi

The iwi.nz registrations list was last updated in early 2024. Any domain domains that were expired or did not have any active connectivity either to a web site or an email server were removed from the list.

Māori Data Sovereignty/Māori Data Governance Advocates

Included 12 organisations that identify themselves as Māori Data and or Sovereignty Advocates and experts, including 1 individual who is employed by a New Zealand company as an expert in Māori Data and Sovereignty. Their company and others who employ such roles were not considered for this research unless they specifically advocate for Māori Data Sovereignty/Māori Data Governance outside of their primary workplace via other groups and in public.

Māori advocate organisations

Identified were Te Pāti Māori, a national Māori health provider, Māori Women’s Welfare League and the Kōhanga Reo National Trust.

Māori Tech Companies

The two national Māori Tech Reports Mapping the Māori Tech Sector[iii] and Toi Hangarau: Māori-Owned Technology Companies Annual Report 2023[iv] were used as a basis to get pre identified Māori tech companies and recognised Māori Tech leaders.

Mapping the Māori Tech Sector report was used for the list of Māori tech leaders who were interviewed. Of the 30 leaders, 13 were removed as they were academics with online presence in academia or IT executives at international companies.

The Toi Hangarau report found there were 85 Māori owned tech companies. In their report they profiled 25 companies. Of the 25, 19 were identified as being unique and used for this report.

Other Māori tech companies were identified by the researchers’ own networks.

A total sum of 36 Māori Tech leaders and Māori Tech Companies that were not in the original research were identified. Including the previous companies that were identified, this represents about 59% of the identified Māori Tech companies.

Māori Data Sovereignty versus Indigenous Data Sovereignty

The most significant distinction between Māori Data Sovereignty and Indigenous Data Sovereignty lies in their respective constitutional and legal foundations. Indigenous Data Sovereignty movements (Native American Tribes, Inuit, Indigenous Asians in the Pacific, Australia First Nations, Saami and others) globally often operate without formal treaty relationships or constitutional recognition, requiring advocacy for new legal frameworks and recognition of Indigenous rights. Many of these Indigenous groups worldwide are minorities within settler colonial states, lacking formal treaties that establish ongoing governmental relationships. For others like some of the Native American tribes, they have sovereign nations.

In contrast, Māori Data Sovereignty operates within an established constitutional framework Te Tiriti o Waitangi which creates ongoing Crown obligations to Māori, giving Māori Data Sovereignty formal political leverage that many Indigenous Data Sovereignty movements lack. The Waitangi Tribunal, as a quasi-judicial body established to investigate Treaty breaches, provides a formal mechanism for adjudicating data sovereignty claims, as demonstrated in the WAI 2522 ruling.

Indigenous Data Sovereignty frameworks typically emphasises sovereign nations’ rights to data governance, focusing on Indigenous communities as distinct sovereign entities seeking recognition from settler states.

Māori Data Sovereignty operates differently, reflecting Māori status as treaty partners rather than a separate sovereign nation. This partnership model, while sometimes contested, creates a framework for shared governance rather than separate sovereignty. Māori are positioned as tangata whenua (people of the land) with special considerations of redress, and responsibilities within the New Zealand state structure, rather than as a separate nation seeking recognition.

Both Indigenous Data Sovereignty and Māori Data Sovereignty recognise Indigenous knowledge systems and cultural protocols as fundamental to data governance. However, Māori Data Sovereignty frameworks explicitly locate data within specific Māori social structures and cultural concepts that may not translate directly to other Indigenous.

Māori Data Sovereignty explicitly connects data to whakapapa (genealogical relationships), whenua (land), and mātauranga Māori (Māori knowledge systems). These connections create specific ethical, cultural, and spiritual obligations that extend beyond generic Indigenous Data Sovereignty principles. For example, the concept of tapu (sacredness) and noa (ordinary/unrestricted) creates Māori-specific frameworks for determining what data can be shared and under what circumstances.

The iwi (tribe), hapū (clan), and whānau(family) governance structures provide specific organisational models for data governance that reflect traditional Māori social organization. These structures carry their own tikanga and governance systems, creating multiple levels of authority and responsibility that may differ from other Indigenous organisational models.

 

The importance of Māori Data Sovereignty/Māori Data Governance with AI and Algorithms

The digital future is not on the horizon, it is already here. Artificial Intelligence (AI) systems and algorithmic decision-making are rapidly shaping critical aspects of daily life, from healthcare and education to employment and law enforcement. Māori now stand at a decisive crossroads: the recognition and implementation of Māori Data Sovereignty/Māori Data Governance is no longer optional; it is an urgent necessity.

AI and machine learning technologies are entirely dependent on data. When datasets are incomplete, unrepresentative, or culturally biased, AI models replicate and amplify these distortions.

For Māori, this presents acute risks. Mainstream datasets frequently underrepresent Māori or misinterpret their realities, leading to outcomes that perpetuate stereotypes, reinforce systemic inequities, and exacerbate historical marginalisation. For instance, AI systems used in the criminal justice sector rely on historically biased policing data, resulting in over-surveillance and discriminatory sentencing. In education and healthcare, predictive models often fail to reflect Māori needs, strengths, and aspirations, contributing to ongoing disparities.

Māori Data Sovereignty/Māori Data Governance, that is grounded in Te Tiriti o Waitangi, asserts the inherent rights of Māori to govern, control, and benefit from data relating to their people, resources, and knowledge. This sovereignty is not only a matter of cultural integrity but also a protective mechanism against algorithmic bias. By curating and governing their own data, Māori can ensure that AI systems reflect Māori worldviews, values, and lived experiences, creating safeguards against harmful technological practices.

The risks of ignoring Māori Data Sovereignty/Māori Data Governance are significant. AI systems developed without Māori governance risk cultural misrepresentation, the erosion of te reo Māori, and the distortion of Māori knowledge systems. Healthcare AI, for example, may overlook Māori concepts of wellbeing or exclude traditional healing practices, producing outcomes that fail Māori patients. Similarly, algorithms trained without Māori input may marginalise or misinterpret Māori cultural frameworks in housing, employment, and social services.

Equally important is the protection of privacy and autonomy. Without oversight, Māori data may be exploited for commercial gain, used for surveillance, or shared without consent. Māori Data Sovereignty/Māori Data Governance provides a framework to ensure that data use aligns with Māori priorities, values, and rights, reversing historical patterns of extraction and misuse.

For Māori, data is more than a commodity, it is a taonga (treasure)[v][vi], an expression of identity, culture, and whakapapa. The governance of Māori data is therefore directly tied to the protection of cultural security, the preservation of language, and the survival of Māori worldviews in an increasingly digital landscape.

Māori Data Sovereignty/Māori Data Governance is thus essential to safeguarding Māori communities from the harms of AI bias and algorithmic discrimination. By embedding Māori Data Sovereignty/Māori Data Governance in data and AI development, New Zealand can ensure that digital transformation supports equity, justice, and cultural sustainability, rather than entrenching existing inequalities. The future of AI must be inclusive, participatory, and Treaty-based, with Māori Data Sovereignty/Māori Data Governance at its core to secure a just and culturally grounded digital future.

Waitangi Tribunal

The Waitangi Tribunal is a permanent commission of inquiry established under the Treaty of Waitangi Act 1975[vii]. It was created to investigate claims brought by Māori concerning breaches of the Treaty of Waitangi (Te Tiriti o Waitangi) by the Crown. While it is not a court, the Tribunal is a quasi-judicial body, meaning it functions in a legal and investigative capacity with procedures similar to a court of law. Its central role is to determine whether government actions or policies have been inconsistent with the principles of Te Tiriti o Waitangi.

The Tribunal hears claims lodged by Māori individuals, hapū, and iwi, who may allege that the Crown has acted in ways that undermine their rights guaranteed under the Treaty of Waitangi /Te Tiriti o Waitangi. Such breaches may relate to land, waterways, forests, fisheries, language, culture, or broader issues of social, political, and economic rights. To carry out its work, the Tribunal conducts historical and contemporary research, holds hearings, and receives evidence from both Māori claimants and the Crown.

Once an inquiry is completed, the Waitangi Tribunal issues a report containing its findings and recommendations. In most cases, its recommendations are not legally binding; however, they carry significant moral and political weight and often form the basis of subsequent Treaty settlements between Māori and the Crown.

The work of the Tribunal is of considerable importance to the Treaty settlement process and to New Zealand’s constitutional framework. It provides Māori with a formal mechanism to seek redress for historical and ongoing injustices, ensures that breaches of Te Tiriti are publicly acknowledged, and plays a vital role in shaping how Treaty principles are understood in practice. Through its inquiries and reports, the Waitangi Tribunal has been instrumental in recognising Māori perspectives, histories, and rights, and in keeping the Treaty of Waitangi /Te Tiriti o Waitangi as a living document within New Zealand society.

 

Māori Data Sovereignty Claim WAI 2252

The Waitangi Tribunal heard a case against the Crown in The “Report on the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (WAI 2522)[viii] where Māori claimants and expert witnesses argued for recognition that Māori Data is a taonga and recognised in the Treaty of Waitangi /Te Tiriti o Waitangi.

The Waitangi Tribunal concluded in November 2021 that the New Zealand Crown failed to uphold its Treaty of Waitangi obligations in parts of the CPTPP, particularly in relation to key e‑commerce provisions which posed significant risks to Māori rights, especially over data sovereignty and the protection of mātauranga Māori (Māori knowledge)

 

WAI 2252 defines Māori Data as

“Digital or digitisable information or knowledge that is about or from Māori people, language, culture, resources, or environments. Māori Data is a Taonga and subject to Māori Governance”. It also defines Māori Data Sovereignty as “Māori Data Governance. The principles, structures, accountability mechanisms, legal instruments, and policies through which Māori exercise control over Māori data”.

The Tribunal affirms that Māori Data Sovereignty is not symbolic but involves active governance and authority, rooted in Te Tiriti rights and tikanga, granting Māori the power to determine how their data is used, shared, and protected.

 

Analysing the Tribunals findings

The Tribunal highlights that Māori Data Sovereignty must be enacted in practical and enforceable ways.

It recognises that Māori Data Sovereignty is not symbolic; it is about active governance and authority. It affirms that Māori must hold the power to determine how their data is used, shared, and protected, and that this authority arises from both Treaty rights and tikanga.

Māori Data Sovereignty is Māori Data Governance

It is more likely that using the term Māori Data Governance will emphasise the meaning and fits into the international practice of Data Governance, while Data Sovereignty has many more implications making it very difficult to implement.

The principles

Principles provide the values and tikanga that guide practice. This is directly related to the High Court Judgement Peter Hugh McGregor Ellis v R NZSC 114[ix]

… structures

Establish Māori authority in decision making such as partnerships, and Māori Data Governance experts on governance groups.

… accountability mechanisms

Ensure that Māori interests such as Te Tiriti, bias, inequities are protected

…legal instruments

Each government agency has their own legal instruments and non-government agencies are bound by various legislation. Each Māori Data Governance Frameworks must be bespoken and include relevant legal instruments such as:

• He Whakaputanga/The Declaration of the Independence of New Zealand (1835)[x]
• Te Tiriti o Waitangi 1840[xi]
• The Treaty of Waitangi Act 1975[xii]/ Te Ture mō Te Reo Māori 2016/the Māori Language Act 2016 (2016 No 17)[xiii]
• Māori Language Act 1987[xiv]
• United Nations Declaration on the Rights of Indigenous Peoples 2007[xv] that New Zealand. The New Zealand government announced its support for the Declaration in April 2010 at the United Nations[xvi]
• The Report on the Comprehensive and Progressive Agreement for Trans-Pacific Partnership Wai 2252[xvii]
• Ko Aotearoa Tēnei: A Report into Claims concerning New Zealand Law and Policy Affecting Māori Culture and Identity, Taumata I and II WAI 262[xviii]
• Supreme Court Judgement Peter Hugh McGregor Ellis v The King – SC 49/2019[xix]
• Legal Personhood Te Awa Tupua (Whanganui River Claims Settlement) Bill[xx]
• Legal Personhood Te Urewera Act 2014[xxi]
• Hauora: Outcomes Kaupapa Inquiry (WAI 2575)[xxii]
• Pae Ora Strategies[xxiii]
• Pae Ora (Healthy Futures) Act 2022[xxiv]
• Legal Personhood Mount Taranaki Te Pire Whakatupua mō Te Kāhui Tupua/Taranaki Maunga Collective Redress Bill[xxv]

New Zealand Legislation including but not limited to:

• Biometric Processing Privacy Code 2025[xxvi]
• Education and Training Act 2020[xxvii]
• The Data and Statistics Act 2022[xxviii]
• Digital Identity Services Trust Framework Act 2023
• Customer and Product Data Act 2025[xxix]
• Pae Ora (Healthy Futures) Act 2022[xxx]
• Privacy Act 2020[xxxi]
• Plant Variety Rights Act 2022[xxxii]

… and policies through which Māori exercise control over Māori data

Organisational police’s that may include operationalising guardrails.

Māori Data is a Taonga

This recognises the WAI 262 statements that mātauranga Māori is a taonga and subject to Tino Rangatiratanga, guaranteeing of Te Tiriti o Waitangi protections. This framing elevates Māori data beyond being seen as a mere resource or commodity. Instead, it positions data as something with intrinsic cultural, spiritual, and collective value, deserving of protection and respect under tikanga Māori and Treaty principles.

In essence, the Waitangi Tribunal’s statement recognises that Māori Data Sovereignty is not symbolic; it is about active governance and authority. It affirms that Māori must hold the power to determine how their data is used, shared, and protected, and that this authority arises from both Treaty rights and tikanga. By classifying data as taonga, the Tribunal underscores the Crown’s obligations to protect Māori data and support Māori governance structures that give practical effect to sovereignty in the digital era.

New Zealand Government and Māori Data and Governance

The research shows multiple definitions of Māori Data/Māori Data Sovereignty and Māori Data Governance and widespread omitting of Māori Data/Māori Data Sovereignty and Māori Data Governance across all of government leading to the likelihood of multiple risks of bias, and inequities creating enhanced risks for algorithmic bias against Māori.

14 Government agencies have no definition of Māori Data or Māori Data Sovereignty/Governance, and Māori are not considered in any of the 14 government agencies Data strategies.

The remaining 25 have multiple definitions:

6 Identify Te Kahui Raraunga definition of
“Māori data refers broadly to digital or digitisable data, information or knowledge (including mātauranga Māori) that is about, from or connected to Māori. It includes data about population, place, culture and environment.”

“Māori data governance; The principles, structures, accountability mechanisms, legal instruments and policies through which Māori exercise control over Māori data.”

“Māori data sovereignty; The inherent rights and interests that Māori have in relation to the collection, ownership and application of Māori data.”

4 Use the StatsNZ definition. despite StatsNZ stating they do not have a definition, only that they think about Te Kahui Raraunga data governance framework. It is likely that these 4 government agencies use the iwi affiliation framework by StatsNZ .

3 Te Mana Raraunga definition (updated)
“ Data is a living tāonga and is of strategic value to Māori. Māori data refers to data produced by Māori or that is about Māori and the environments we have relationships with. Māori data is subject to the rights articulated in the Treaty of Waitangi and the UN’s Declaration on the rights of Indigenous Peoples, to which Aotearoa New Zealand is a signatory”.”

1 agency. MSD have stated that “an internal definition is under development”

1 agency claimed to cite an out-of-date policy for their definition of Māori Data from Te Tari Taiwhenua Department of Internal Affairs in He Aratohu Kapua – Guidance to support Te Tiriti-based Government Cloud adoption November 2023. This outdated document states it is due for review.

The Ministry of Health and Te Whatu Ora have Māori Data Governance principles identified in the Waitangi Tribunal Hauora: report on stage one of the Health Services and Outcomes Kaupapa Inquiry (WAI 2575)[xxxiii] and in the Pae Ora Strategies[xxxiv] and Pae Ora (Healthy Futures) Act 2022[xxxv]. There was no proof that these were being implemented with their Data Governance documents.

There appears to be much confusion with government agencies and Māori Data guides and definitions. There have been several definitions created defining what Māori Data is that avoids any responsibility to Te Tiriti and rangatiratanga.

Nevertheless, in Māori society, it is considered that the Waitangi Tribunal is the authority considering its rich pool of tikanga and reo experts on the panel and the Māori Data experts who were witnesses in the tribunal claim. It is also the role and responsibility of government entities to also respect and implement the findings of the Waitangi Tribunal.

Jurisdiction

In 2019, at the request of the Data Iwi Leaders group, Stats NZ commissioned a report “Offshoring New Zealand Government Data “outlining the benefits, risks, and mitigations of storing iwi and Māori data in the cloud[xxxvi].

Cloud hosting went from being mostly about “renting servers” in 2019 to now being about intelligent, flexible, sovereign, and AI-powered platforms that use encryption, leaving the beforementioned document outdated.

It highlights the Data Iwi Leaders Group’s (Data ILG) advocating for a more balanced appraisal that includes the Crown’s obligations under Te Tiriti o Waitangi, a comprehensive look at offshore and onshore storage, and solutions enhancing Māori sovereignty over their data and necessitating active protection and Māori involvement in decision-making processes.

It proposes the co-design of a framework to guide agencies on data classification and storage location, moving beyond solely legal compliance towards a Te Ao Māori (Māori world view) approach that fosters trust and capability building within the digital space for Māori.

This in contradiction of government statistics that the Cloud Act a major, but still real, threat when considering the Act being used on New Zealand citizens is 0.007% . Considering the many other options that can also be used to summons Māori data that is stored in New Zealand, the case is wanting. Nevertheless, there is a risk, and it is up to Māori on a case-by-case basis to determine their own risk levels with their data in terms of jurisdiction.

Most government data is in New Zealand and Australia, with more data in Australia. Looking at the data hosts, they mostly use technology that has sovereign encryption removing much of the risks of overseas data storage. This is assuming the encryption is implemented correctly.

Of note, are the two instances of data being hosted in the USA and Canada.

Hosting Locations	Entities
New Zealand and Australia	21
Australia only	11
New Zealand only	3
New Zealand, Australia and Canada	1
New Zealand, Australia and the United States of America	1
With held information. Citing commercial sensitivities and national security	3

Where is our Data being stored

26 Cloud Host providers are utilised by the New Zealand Government, with the majority of the data being hosted with 6 providers who account for 89 of the 120 hosted data, or about 74% of data.

Name of Cloud Provider	Number of entities
Ex Libris (USA/Germany/UK/France/Scandinavia/Australia)	1
Koordinates (NZ)	1
ArcGIS online (USA/Global/NZ)	2
Axiell Collections Cloud Service (Global)	1
IBM (USA)	1
OpenText (Global)	1
Private (NZ)	1
Relativity (USA)	1
Tableau Cloud (USA)	1
VMWare Cloud (USA)	1
Zscaler (USA)	1
SAP (USA)	2
Technology One (Australia)	3
DataCom (Global)	3
SalesForce (USA)	3
ServiceNow (USA)	3
Withheld	3
Google (USA)	4
Catalyst (NZ)	6
Oracle (Oracle)	9
Spark (NZ/Global)	14
Amazon AWS (USA)	20
Microsoft (USA)	37

Have a Data Strategy or Policy?

About half of all government organisations do not have a Data Governance plan. This creates significant risks to both Māori and all New Zealanders. It will also mean that the introduction of AI in government will likely not see the full potential of the Data the New Zealand government has.

24 have a Data strategy or policy

3 are developing a data strategy

1 was with withheld

11 have none

Of these data strategies, almost half do not recognise Māori Data Sovereignty/Māori Governance.

17 include Māori or Te Tiriti in their Data Strategies

14 don’t recognise Māori

1 was withheld

Māori Data Frameworks implemented?

The implementation of Māori Data frameworks was mixed but showed some clear preferences by government. 30 organisation had a Māori Data Framework.

8 do not recognise Māori and Te Tiri with their data strategies

16 have Māori and Te Tiriti rights as a part of the overall Data Strategies.

14 have bespoke Maori Data Governance strategies, reflecting appropriate Māori cultural values.

2 Government organisations are attempting to implement Te Kāhui Rāraunga Māori Data Governance model:

• one organisation states that it is largely not applicable to their area
• both state that only parts are trying to be implemented

The Iwi Leaders Data Group and its Charitable Trust Te Kāhui Raraunga published the Māori Data Governance Model report[xxxvii].

“… provides guidance for the system-wide governance of Māori data, consistent with the Government’s responsibilities under te Tiriti o Waitangi. The Model is intended to assist all agencies to undertake Māori data governance in a way that is values-led, centred on Māori needs and priorities, and informed by research.”

No government agency in New Zealand uses the report. Feedback from various departments indicated concerns regarding its practical applicability, alignment with established data governance principles, and integration with relevant legislative frameworks.

Again, underscoring the necessity for new, dynamic models of Māori Data Governance that are bespoken.

.fte allocation to Māori Data

Resources dedicated to Māori Data Governance and Māori Data Sovereignty were insufficent.

7 government entities make up 16.5 fte allocated to Māori Data. Where one entity has 15 staff involved with a Māori Data governance group. StatsNZ will assign tasks to staff as required.

The remaining 27 entities have 0.0 fte allocated to Māori data.

1 entity engages with external experts when required with Māori Data.

 

New Zealand Local Government and Māori Data

This section analyses local government usage of Māori Data Sovereignty/Governance and was correct as of February 2024.

Local Councils and Crown Research Institutes are not further discussed in this report as:

By the end of 2024:

• 0 of the 78 local government councils had a definition for Māori Data/Māori Fata Sovereignty and 0 had implemented Māori Data Sovereignty/governance, but there was de spread motivation to explore this.
• 0 of the 7 Crown Research Institutes had a definition for Māori Data/Māori Fata Sovereignty and 0 had implemented Māori Data Sovereignty/governance. Some rely on WAI 262 and ignore WAI 2522, and most have Māori engagement strategies.
• The 7 Crown Research Institutes (CRIs) merged into 3 new entities on July 1, 2025, Bioeconomy Science Institute (BSI), Earth Sciences NZ and a new Institute for Advanced Technology is also being created. None of which have a definition for Māori Data/Māori Data Sovereignty and 0 had implemented Māori Data Sovereignty/governance. In 2025 one CRI had a working document for Māori Data Sovereignty/governance.

 

Māori Data Governance Frameworks

In 2016, a group of largely Māori academics organised a meeting of academics and a small group of Māori IT advocates to meet at the University of Waikato to discuss Indigenous Data Sovereignty. This resulted in the formation of the Māori Data Sovereignty Network Te Mana Raraunga. Membership was restricted and no widespread community or industry consultation occurred.

Māori consultation is best done in the communities in places such as marae, townships and tribal authorities’ buildings where Māori feel safe, it is also a common tikanga practice to do this.

At this meeting the following set of Māori Data Sovereignty principles were created:

• Rangatiratanga (Authority/Control)
• Whakapapa (Relationships)
• Whanaungatanga (Obligations)
• Kotahitanga (Collective Benefit)
• Manaakitanga (Reciprocity
• Kaitiakitanga (Guardianship)

The name of the network used the word ‘Mana’ and not ‘mana motuhake’ or ‘rangatiratanga’, words used in Te Tiriti, He Whakaputanga, WAI 262 and communities for sovereignty, leading to an immediate disconnect with Māori cultural practitioners in communities and the tech industry.

The principles are focused on collective/iwi rights to Māori data and ignored Māori society structures such as hapū, whānau, marae, trusts and Māori organisations[xxxviii]. The principals the primary focus of the New Zealand government for Iwi rights regarding Māori data. The High Court case 2021-NZHC-2942[xxxix] impacted this practice when it ruled that it was not just iwi that had rights to Crown data but Māori groups.

The principals are outdated and of little value today. They stress control but not equitable benefit-sharing or Māori participation in the data economy. While also being aspirational with no legal or regulatory considerations.

They do not consider AI bias, model training, analytics, innovation markets, Māori-led AI infrastructure, digital colonialism, cloud computing, genomic research, emerging technologies, etc. They lean heavily on international Indigenous Data Sovereignty frameworks but don’t explicitly embed tikanga-based decision models (e.g., how to decide what’s tapu/noa in a digital space) and it does not connect Te Ao Māori decision-making processes directly to data governance.

While the principles established by Te Mana Raraunga remain historically significant, their limitations underscore the necessity for new, dynamic models of Māori Data Governance. These models must be iterative, responsive, and firmly grounded in tikanga, ensuring that Māori are not passive recipients of digital transformation but active architects of data futures. Without such evolution, Māori Data Sovereignty risks being rendered symbolic, powerful in rhetoric but inadequate in practice as it currently is. Despite being at precisely the moment when digital technologies demand the strongest protections for Māori rights, values, and futures.

Despite this, the principals have more than 668 citations (largely by a group of Māori academics) in academic literature, despite the principles not being implemented anywhere in government, most iwi/hapū/marae, businesses and organisations and only referred to in academic policies. The value of the principles are as an academic artifact only, and of little use to the data governance sector.

Creating Māori Data Sovereignty and Governance Frameworks as a one guide for all is against tikanga Māori and could be viewed as Eurocentric. In Te Ao Māori, each whānau, hapū, marae and Iwi have their own tikanga and kawa that is nurtured, adaptable and is well known within the communities. We do not force our tikanga onto another group, but we acknowledge and respect each other’s tikanga. The same tikanga needs to be applied to Māori Data Governance. After 10 years of prescribed principles, we see that this has failed. Mana Motuhake and Rangatiratanga is required for successful implementation for the protection and governance of Māori Data.

To implement Māori Data Sovereignty and Māori Data Governance successfully, it must be bespoken to the organisation and aligned with the organisation’s own values, created with Māori stakeholders and built upon Te Tiriti and He Whakaputanga while recognising UNDRIP and other relevant legal instruments and policies.

In addition to the 14 government organisations who have bespoke Maori Data Governance strategies, below are a number of other examples of big tech, national organisations, education research organisations and Māori who have successfully created their own bespoke Māori Data Sovereignty and Governance frameworks.

1. AKO – https://ako.ac.nz/programmes-and-services/collections/artificial-intelligence-ai-in-tertiary-education/practical-tips/ethics-and-ai-a-starter-guide-for-educators
2. ARA Journeys – The Whakapapa Tech Stack https://www.arajourneys.com/
3. AWS New Zealand https://aws.amazon.com/blogs/architecture/introducing-the-maori-data-lens-for-the-well-architected-framework/
4. Catalyst NZ https://www.catalyst.net.nz/about-us/catalyst-and-te-tiriti
5. Crop and Food
6. Deloitte
7. Iwi such as Ngāti Whakauae and Rangitāne o Wairarapa
8. Microsoft New Zealand with Te Tumu Paeroa

9. Ngāti Toa and ITeam (Oracle) The Five S’s https://teamcloud.nz/home-page

1. ONE NZ https://content.vodafone.co.nz/a1/95/2bf57815403693de5895c23f7bec/vodafone-new-zealand-honouring-the-principles-of-te-tiriti-o-waitangi-policy-bi-lingual-final.pdf
2. Payments NZ https://www.apicentre.paymentsnz.co.nz/standards/using-standards/nga-tohu-arahi-api-centre-data-handling-guidelines/
3. Spark
4. Tiaki Taonga https://www.tiakitaonga.com/kia-kotahi-tatou-mo-tiaki-taonga-20-08-2024
5. Whare Hauora – Māori data sovereignty in practice – from Governance to Operations and Why

Universities

There are 8 legally recognised Universities in New Zealand, of which 2 (Waikato and Lincoln) have no consideration at all for Māori Data Sovereignty/Māori Data Governance.

Considering Waikato University is the home of the Māori Data Sovereignty network and staff, recipient of tens of millions of dollars of government research funding about Māori Data Sovereignty/Māori Data Governance, including the MBIE funding for Tikanga in Technology[xl] and multiple other funds for Māori Data Sovereignty initiatives and research[xli], it is questionable why they don’t have an explicit Māori Data Sovereignty/Māori Data Governance policy.

Universities of Auckland, Canterbury and Otago, all have strong community relationships with local Māori, and they all have Māori Data Sovereignty/Māori Data Governance and Te Tiriti policies to protect Māori Data.

Below is a breakdown of the commitments by the Universities with Māori Data Sovereignty.

Waipapa Taumata Rau, University of Auckland	Data strategy is called “Te Rautaki Raraunga | Data Strategy”. Within the strategy Māori Data Sovereignty is mentioned 10 times. But no Māori principles are explicitly stated.   In the Research Data Management Policy, Māori Data and Māori Data Sovereignty is defined using Te Mana Rauranga’s definitions.   FAIR and CARE principles are referenced for Indigenous and Pacific Data Sovereignty. https://www.auckland.ac.nz/en/about-us/about-the-university/the-university/official-publications/data-strategy.html
Auckland University of Technology – AUT	AUT doesn’t have a standalone Māori data sovereignty policy.   AUT’s commitment to Te Tiriti o Waitangi is framed through its internal strategic documents such as, Te Aronui – AUT Te Tiriti Framework, which shapes how the university practices Tiriti honouring across policies, research, and operations
The University of Waikato	No publicly accessible standalone Māori data sovereignty policy was found.
Massey University	No publicly accessible standalone Māori data sovereignty policy was found.
Te Herenga Waka – Victoria University of Wellington	No publicly accessible standalone Māori data sovereignty policy was found.   The university encourages researchers to incorporate tikanga Māori such as kaitiakitanga, whanaungatanga, rangatiratanga, manaakitanga, and akoranga into their projects. https://www.wgtn.ac.nz/research/support/maori-research-practices
University of Canterbury	There is no separate, standalone Māori Data Sovereignty policy at the University of Canterbury.   While there’s no dedicated institutional policy, the University of Canterbury actively embeds Māori data sovereignty principles across multiple domains: research ethics, data governance, AI policy, and academic culture.   The institution emphasizes ethical, purpose-oriented, and culturally sensitive practices through CARE, FAIR, classification standards, and mandatory Māori engagement. https://www.canterbury.ac.nz/research/eresearch-at-canterbury/managing-research-data/care-principles .   UC strongly recommends that all decisions about Māori data storage be made in collaboration with Māori, and that Māori data is stored in Aotearoa New Zealand so that is not subject to foreign laws (see Research Data Storage Section).   Any research using iwi data must be conducted with consultation with iwi. We strongly recommend engaging with Kaiārahi from your department or Kaiārahi Rangahau Māori in this dynamic space and information is available on the Māori Research Partnerships page.   Our eResearch Consultants are available to give advice on the most appropriate storage solution for your research. Our Data Librarian is also on hand to support researchers in this area. You can read more details about Māori Research Methodology and book time with the subject librarian on the Libguides page.
Lincoln University	No publicly accessible standalone Māori data sovereignty policy was found.
University of Otago	The University of Otago does not currently hold a standalone Māori Data Sovereignty policy publicly accessible on its website.   However, it does have an institutional wide “Māori Strategic Framework 2030 – Sovereignty & Taoka Māori Otago’s Māori Strategic Framework 2030 https://www.otago.ac.nz/maori/maori-strategic-framework that includes sovereignty of all taonga Māori which would include Māori Data

Māori Data Jurisdictional Considerations

Using the following matrix to score Māori Data Sovereignty compliancy in te ao Māori, a total score of 3 was achievable. A survey was completed with Iwi, Māori advocates, businesses, tech companies, wānanga, Māori tech companies and Māori Data Sovereignty advocates.

1 point was awarded for each of the following categories:

• .nz domain name that is registered with a New Zealand company using New Zealand servers. No dot kiwi domains were identified in this research, nor were any domain name companies with servers overseas.
• A web site hosted on a New Zealand server
• Email server based in New Zealand. Where no email server was available it followed an allocation of 0 was given.

The findings are at odds with the findings and recommendations of the 2019 Stats NZ report “Offshoring New Zealand Government Data[xlii]. There are multiple reasons for this including a lack of consultation with Māori who have data hosted, and the rapid changes in technology since 2019.

Iwi

3 out of 85 Iwi groups with a dot iwi.nz domain name host all of their data in New Zealand non-proprietary servers and tools

85 Iwi web sites using the iwi.nz domain name was identified with active web sites and or active email servers.

62 iwi had both their emails and web site content including memberships databases hosted internationally.

17 iwi had New Zealand based web sites but not emails hosted in New Zealand.

6 iwi had New Zealand based emails and web sites hosted in New Zealand.

Māori advocates

This category identified 4 national Māori advocate organisations.

1 used a .com, the 3 others used various .nz domain names.

All 4 used international hosts for email and web content.

Māori businesses

10% of Māori businesses were fully compliant with Māori Data Sovereignty Principles of jurisdiction with a preference to not use dot maori.nz

10 out of 100 Māori owned businesses chosen at random from two online Māori business directories representing Māori all over the country had emails and web site hosted in New Zealand with a New Zealand based domain name.

40 out of 100 domains were non-New Zealand domains.

Dot nz and .co.nz were the preferred domain names, not .maori.nz

Māori Data and Sovereignty Advocates and Experts

1 organisation Taiuru & Associates (http://www.taiuru.maori.nz) had both web site and email hosted in New Zealand by various New Zealand companies with servers based in New Zealand.

Te Mana Raraunga the organisation who created the original Māori Data Sovereignty Principles only scored a 1/3 as their domain name is a nz domain with a New Zealand company, but it is not registered to Te Mana Raraunga. It is registered to an individual. All of their web site content and emails and data are hosted overseas.

Likewise, Te Kāhui Raraunga the Iwi Data Sovereignty advocacy group (Iwi leaders Group Charitable group) were the least Māori Data Sovereignty principles compliant with a 0/3 score. Their Te Whata Iwi Data stats web site was designed by a non-Māori company, and is stored in America using a non-New Zealand domain also generating a score 0/3 in the Māori Data Sovereignty Score.

Also of note: the widely respected and acknowledged Kingitanga online presence also scored 0/3.

Māori Tech Companies

15 Māori Tech companies scored 0/3

16 Māori Tech companies scored 1/3

4 Māori Tech companies scored 2/3

1 Māori Tech company scored 3/3

All 15 of the tech companies that scored 0/3 had international domain names or non .nz domain names.

Wānanga

None of the three Wānanga had web sites or emails hosted in New Zealand.

One had a non-New Zealand based domain name. The other 2 used .ac.nz domains.

Jurisdictional summary

The findings show that most Māori (individuals, whānau, hapū, marae, Māori Tech companies and Iwi) with a web site, email and other online data (data, membership registrations, whakapapa, etc) do not consider privacy, jurisdiction, domain branding as Māori, or prior consent of their email and web site associated data as an issue. This is also reflected in the Privacy Commissioner research[xliii] and community interactions that younger Māori typically are not worried about data sharing and privacy.

Most Māori groups prefer to use international servers with no regard to Māori Data Sovereignty and Māori Data Governance, jurisdiction, and other New Zealand legal protections to them and their communities, whānau and end users.

The results from this research show that even the most prominent Māori (and Iwi) Data Sovereignty groups who advise the New Zealand government and others about Māori Data Sovereignty, most Māori tribes and even most Sovereign Māori advocates do not follow Māori Data Sovereignty principles or consider New Zealand legislation to protect their communities, whānau and end users, nor have most done so since at least 2018 when this test was first completed.

This highlights the need for bespoke solutions using tikanga Māori and allow Māori data holders to decide where their data is stored.

Big Tech and Māori Initiatives

Apple, Microsoft, and Google’s support gives Māori greater visibility, access, and empowerment in the digital age. It strengthens language revitalisation, education, cultural identity, and inclusion in global technologies. But they stop short of recognising Māori Data Sovereignty and Māori Data Governance. Sovereignty requires Māori authority, control, and benefit-sharing, which is not currently the case.

Nevertheless, it is worth noting that big tech companies recognise the needs and benefits of working with Māori.

Apple

Some initiatives include:

• Training: Apple partnered with Te Pūkenga, New Zealand’s largest tertiary education provider, to address the technology gap faced by Māori and Pasifika peoples
• Racial Equity and Justice Initiative (REJI): This program aims to equip educators with the skills to teach digital technologies, including app development, to students in schools with high Māori and Pasifika enrollments.
• Mapping Initiatives: Apple has collaborated with Indigenous cartographers and iwi to enhance mapping features in New Zealand, including adding place cards for marae and dual-language place names
• Māori Language Integration: Apple’s education resources include support for integrating Te Reo Māori (Māori language) into digital learning, such as using tools like Numicon and Clips for math lessons with Te Reo Māori narration
• Macron and reo spelling support in Mac

Google

Some initiatives include:

• Added Māori to Google Translate over ten years ago
• Partnered with TupuToa Initiative to run a virtual internship program specifically for Māori and Pasifika youth working on projects
• Doodles in collaboration with local Māori artists, including special releases for Waitangi Day Google New Zealand (Claude Summary)
• has developed internal cultural initiatives including:
• “Te Reo Tuesday” – a weekly segment during team calls where a colleague shares new Māori words and phrases
• An online training module created in consultation with cultural partner AU, covering Aotearoa’s history, te Tiriti o Waitangi, and the relevance of Māori values in workplaces
• Traditional Māori welcomes including singing Māori songs to honored guests

Microsoft

Some initiatives include:

• Māori macron keyboard
• Māori language locale of Windows and Office
• Te reo Māori was included in Microsoft Translator
• Hour of Code in Te Reo Māori: Microsoft ensured Hour of Code tutorials were available in Māori to help reach more students and inspire them to learn digital skills
• Māori Data Sovereignty Framework with Te Tumu Paeroa
• HikoHiko Te Uira Program: Microsoft co-designed a digital upskilling initiative called “HikoHiko Te Uira” (A Digital Spark for Your Future) to reach more Māori and Pacific peoples

 

Recommendations

These recommendations ensure Māori are not passive data subjects but active sovereign decision-makers in the digital future. They create safeguards against bias and exploitation while enabling Māori to shape AI and digital technologies in ways that promote equity, cultural survival, and self-determination.

Data

1. There should be one singular definition for Māori Data, and Māori Data Sovereignty/Governance across all of government. Adopting WAI 2252 definitions ensures that data governance is directly tied to Te Tiriti obligations rather than left to voluntary or symbolic recognition. Considering the Waitangi Tribunal is a quasi-judicial body established by Parliament, its findings carry statutory legitimacy and constitutional weight. No other academic, government, or international framework has this same legal grounding within Aotearoa New Zealand.
2. All of government implement a consistent, standardised, and centralised approach to Māori Data, Governance, and Sovereignty across their operations. This is crucial to reduce wasteful spending and ensure consistency, while also establishing a standardised method for incorporating Māori Data principles into existing government strategies.
3. Government entities broaden their engagement to include a representative perspective of Iwi, hapū, marae, Māori organisations, and Māori representative groups. This comprehensive engagement is essential to prevent future Te Tiriti claims for breaches. Increasing risks of bias and discrimination.
4. For successful implementation of Māori Data Governance outside of government, it must be bespoken to the organisation and aligned with the organisation’s own values, created with Māori stakeholders. This approach reflects the principles of Mana Motuhake and Rangatiratanga, moving away from prescribed, Western ways of thinking that have previously proven ineffective.
5. Māori Data, Governance, and Sovereignty should be treated as a subsection or theme within broader data governance policies and strategies. This will avoid overlaps and gaps in Data Governance.
6. Organisations should acknowledge the potential for significant economic returns and significant risks if Māori Data Governance is not implemented, when Māori data is used with AI and algorithms.
7. There needs to be greater accountability and understanding to organisational governance boards regarding Māori Data Governance.
8. Consideration should be given to the environmental impacts of AI and the feasibility of a New Zealand Sovereign AI.
9. Māori groups (individuals, whānau, hapū, marae, Māori Tech companies, and Iwi) using online data are implicitly recommended to consider privacy, jurisdiction, domain branding as Māori, and prior consent of their email and website-associated data, as many currently do not.
10. Prominent Māori Data Sovereignty groups should align their practices with the principles they advocate, given that many currently do not follow Māori Data Sovereignty principles, particularly concerning jurisdiction and New Zealand legal protections.
11. The division between Māori academics and the Māori tech industry/Māori knowledge holders needs to be addressed.

AI and Algorithms

1. New Zealand Government should invest in sovereign cloud services hosted onshore to maintain jurisdictional control over New Zealand and Māori data.
2. Iwi, hapū and Māori organisations need to invest in training and education programmes for Māori in Data Governance, Data Analysis and AI Governance alongside governance training and to provide opportunities for new shadow and director positions.
3. Support Māori organisations to build and manage their own secure digital infrastructure.
4. Embed tikanga-based principles into algorithm design, deployment, and auditing.
5. Strengthen protocols for data use, ensuring free, prior, and informed consent for Māori data.
6. Prohibit the exploitation of Māori data for commercial gain or surveillance without community approval.
7. Train and resource Māori experts in AI, data science, and governance.
8. Establish scholarships, fellowships, and research funding for Māori led digital innovation.
9. Prioritise the inclusion of te reo Māori, tikanga, and mātauranga Māori in digital systems and datasets.
10. Require AI tools in health, education, and social services to integrate Māori worldviews and wellbeing frameworks.
11. Align Māori Data Sovereignty with global Indigenous frameworks (CARE Principles, OCAP®, Maiam nayri Wingara).
12. Create independent Māori-led monitoring bodies to audit government and corporate use of Māori data.
13. Establish penalties and remedies for misuse, misrepresentation, or non-compliance with Māori Data Sovereignty principles.

 

References

[i] https://www.gcsb.govt.nz/news/all-of-government-data-centre-opened-at-whenuapai-ceremony

[ii] https://www.publicservice.govt.nz/system/central-government-organisations

[iii] https://www.mea.nz/mappingmaoritech

[iv] http://www.toihangarau.nz/

[v] https://goodminds.com/products/indigenous-research-design-transnational-perspectives-in-practice

[vi] https://www.taiuru.co.nz/data-is-a-taonga/

[vii] https://www.legislation.govt.nz/act/public/1975/0114/latest/whole.html

[viii] https://forms.justice.govt.nz/search/Documents/WT/wt_DOC_195473606/Report%20on%20the%20CPTPP%20W.pdf

[ix] https://www.courtsofnz.govt.nz/assets/cases/2022/2022-NZSC-114.pdf

[x] https://nzhistory.govt.nz/culture/declaration-of-independence-taming-the-frontier

[xi] https://www.waitangitribunal.govt.nz/en/about/the-treaty/about-the-treaty

[xii] https://www.legislation.govt.nz/act/public/1975/0114/latest/whole.html

[xiii] https://www.legislation.govt.nz/act/public/2016/0017/latest/DLM6174566.html

[xiv] https://www.legislation.govt.nz/act/public/1987/0176/latest/whole.html

[xv] https://www.un.org/development/desa/indigenouspeoples/wp-content/uploads/sites/19/2018/11/UNDRIP_E_web.pdf

[xvi] https://www.tpk.govt.nz/en/a-matou-whakaarotau/te-ao-maori/un-declaration-on-the-rights-of-indigenous-peoples

[xvii] https://forms.justice.govt.nz/search/Documents/WT/wt_DOC_195473606/Report%20on%20the%20CPTPP%20W.pdf

[xviii] https://waitangitribunal.govt.nz/en/news/ko-aotearoa-tenei-report-on-the-wai-262-claim-released

[xix] https://www.courtsofnz.govt.nz/cases/peter-hugh-mcgregor-ellis-v-the-queen-1

[xx] https://www.legislation.govt.nz/act/public/2017/0007/latest/whole.html

[xxi] https://www.legislation.govt.nz/act/public/2014/0051/latest/dlm6183705.html

[xxii] https://forms.justice.govt.nz/search/Documents/WT/wt_DOC_195476216/Hauora%202023%20W.pdf

[xxiii] https://www.health.govt.nz/strategies-initiatives/health-strategies/pae-ora-strategies

[xxiv] https://www.legislation.govt.nz/act/public/2022/0030/latest/versions.aspx

[xxv] https://www.legislation.govt.nz/bill/government/2023/0293/6.0/d17231378e2.html

[xxvi] https://www.privacy.org.nz/privacy-principles/codes-of-practice/biometric-processing-privacy-code/

[xxvii] https://www.legislation.govt.nz/act/public/2020/0038/latest/LMS170676.html

[xxviii] Data and Statistics Act 2022

[xxix] https://www.legislation.govt.nz/act/public/2025/0014/latest/whole.html

[xxx] https://www.legislation.govt.nz/act/public/2022/0030/latest/versions.aspx

[xxxi] https://www.legislation.govt.nz/act/public/2020/0031/latest/LMS23223.html

[xxxii] https://www.legislation.govt.nz/act/public/2022/0061/latest/LMS352239.html

[xxxiii]  https://forms.justice.govt.nz/search/Documents/WT/wt_DOC_195476216/Hauora%202023%20W.pdf

[xxxiv] https://www.health.govt.nz/strategies-initiatives/health-strategies/pae-ora-strategies

[xxxv] https://www.legislation.govt.nz/act/public/2022/0030/latest/versions.aspx

[xxxvi] https://data.govt.nz/docs/report-offshoring-nz-govt-data#relevant_legal

[xxxvii] https://www.kahuiraraunga.io/maoridatagovernance

[xxxviii] https://www.taiuru.co.nz/compendium-of-maori-data-sovereignty/#DEFINITIONS_OF_MAORI_DATA_SOVERIGNTY

[xxxix] https://www.courtsofnz.govt.nz/assets/Uploads/2021-NZHC-2942.pdf

[xl] https://www.waikato.ac.nz/research/institutes-centres-entities/institutes/tkri/innovation/tikanga-in-technology/

[xli] https://www.mbie.govt.nz/assets/Data-Files/Science-technology/science-innovation/who-got-funded.xlsx

[xlii] https://data.govt.nz/docs/report-offshoring-nz-govt-data#relevant_legal

[xliii] Office of the Privacy Commissioner. Artificial Intelligence and the Information Privacy Principles. https://www.privacy.org.nz/assets/New-order/Resources-/Publications/Guidance-resources/AI-Guidance-Resources-/AI-and-the-Information-Privacy-Principles.pdf (2023).